#!/bin/bash
domain="example.com"
ssl_dir="/etc/nginx/ssl"
conf_dir="/etc/nginx/conf.d"

#生成SSL证书
mkdir -p $ssl_dir
openssl req -x509 -nodes -days 365 -newkey rsa:2048
    -keyout $ssl_dir/$domain.key -out $ssl_dir/$domain.crt
    -subj "/CN=$domain"

#生成Nginx配置
cat > $conf_dir/$domain.conf << EOF
server {
    listen 80;
    server_name $domain;
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name $domain;
    ssl_certificate $ssl_dir/$domain.crt;
    ssl_certificate_key $ssl_dir/$domain.key;
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host \$host;
    }
}
EOF

#测试并重载配置
nginx -t && systemctl reload nginx
